[Privoxy-users] Privoxy can't forward socks requests

Alex gpost.alex at gmail.com
Wed Mar 29 10:27:27 UTC 2017 

Hi, Fabian.

Thank you very much for information. I thought that privoxy can accept Socks
too. My bad.

"forward-socks5t / 127.0.0.1:9050 ." is working as it should works. It's
anough for me. Thank you.

Have a nice day.
Best Regards,
Aleksander.

-----Original Message-----
From: Fabian Keil [mailto:fk at fabiankeil.de] 
Sent: Wednesday, March 29, 2017 12:25 PM
To: privoxy-users at lists.privoxy.org
Cc: Alex
Subject: Re: [Privoxy-users] Privoxy can't forward socks requests

"Alex" <gpost.alex at gmail.com> wrote:

> I have a little problem with privoxy. When I'm trying to connect to 
> any host via socks of the privoxy I have a connection timeout problem. 
> I'm trying to use privoxy as proxy for tor network. But if I'm trying 
> to use tor network directly there is no any problem. I don't such 
> problems at the HTTP proxy mode. Only socks traffic can't be forwarded.
> 
> I did try to install privoxy on Windows (version 3.0.24 and 3.0.26), 
> CentOS (3.0.10 - from sources, 3.0.24 - RPM, 3.0.26 - RPM), 
> Ubuntu-Server (3.0.26 - deb). And at every system I had the same
> problem: privoxy can't forward requests via socks. Does anyone have 
> any ideas what can cause this type of problem?
> 
> Here is some debugging info:
> 
> $ ss -tan
> State       Recv-Q Send-Q  Local Address:Port     Peer Address:Port
> LISTEN      0      128      192.168.0.16:43700               *:*
> LISTEN      0      128         127.0.0.1:9050                *:*
> 
> $ curl -A test -x Socks5://192.168.0.16:43700 http://api.ipify.org
> curl: (28) SOCKS5 read timeout

The command above lets curl attempt to use Privoxy as Socks5 proxy.

While my impression is that this is what you want, Privoxy is an HTTP proxy
and does not accept Socks5 requests.

You don't get a proper error message because Privoxy is still waiting for
the request line before the request times out.

Technically Privoxy already received enough bytes to reject the request as
invalid so maybe we should let it explicitly check for sock data and reject
it with a similar response like it already does for ftp requests.

> listen-address 192.168.0.16:43700
> forward / .

Note that the directive above is completely overruled by the next one which
uses the same pattern. While this is valid, you may want to remove it or
comment it out to make it more obvious that it has no effect.

> forward-socks5t / 127.0.0.1:9050 .
> 
> There is no firewall or selinux. So I'm out of ideas why it don't work.

If you use:
$ curl -A test -x http://192.168.0.16:43700 http://api.ipify.org

Privoxy should accept the HTTP request from curl and use socks5 to forward
it to Tor. This is how it's supposed to work.

>From your description it's not obvious to me why you want to use Privoxy as
Socks5 proxy in the first place. Do you have a program that makes http
requests and supports socks5 proxies but not http proxies?

Thanks for providing sufficient information with the report.

Fabian

More information about the Privoxy-users mailing list